This article is more than 1 year old
Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors
Official report blows lid on behind-the-scenes
Analysis On December 2, 2015 Syed Farook and his wife Tashfeen Malik attended his employer's holiday party in San Bernardino, California – and without warning started indiscriminately shooting at fellow employees.
Four minutes and 75 bullets later, 14 people were dead and 17 injured. Farook and Malik fled the scene but were located by the police four hours later and died in the resulting gunfight.
The attack stoked fears of Islamic extremism within the United States but the shooting has become renowned for a different reason: a showdown between the FBI and Apple over access to Farook's mobile phone.
Now a new report [PDF] by the US Department of Justice's internal inspector general, published Tuesday, has blown open the case and indicates the FBI might have been trying to play Apple for a patsy.
The truth is out there
The report title is remarkable in itself: "A Special Inquiry Regarding the Accuracy of FBI Statements Concerning its Capabilities to Exploit an iPhone Seized During the San Bernardino Terror Attack Investigation."
Which could perhaps be more accurately titled: "Did the FBI lie about not being able to break into a terrorist's phone in an effort to win a legal precedent granting it access to everyone else's digital devices?"
And the answer is, remarkably, yes and no.
Two months after the attack, on February 9, 2016, the FBI announced it was unable to unlock one of the phones it had recovered from the couple's home - an iPhone 5C running iOS 8 - because of its security features.
Those features had been introduced in a recent update of the phone's operating system and included an auto-delete function if the wrong passcode was typed in too many times.
Hand it over. No
The FBI asked Apple to create a new version of its operating system to install on the phone and enable it to bypass the security features. Apple refused. So the FBI responded by getting a court order that demanded Apple create and supply the software workaround.
In the end, the issue was resolved the day before a crunch court hearing when the FBI said it had found a third-party solution to cracking the phone and no longer needed to force Apple to break its own encryption.
The timing of that last-minute back down raised suspicions that the FBI had engineered the showdown to create a legal precedent that would force US companies to give it backdoor access to everyone's digital devices now and in the future.
In the prior months, the FBI had been increasingly vocal about the need to be able to access everyone's phones for security reasons. Its director repeatedly warned about criminals "going dark" and evading law enforcement's efforts to track them down. Was the San Bernardino shooting the perfect test case? After all, who could argue against tracking down terrorists?
FBI Director wants 'adult conversation' about backdooring encryptionREAD MORE
It wasn't just technologists that had their suspicions, it turns out. As the DoJ report makes clear, the FBI's own Executive Assistant Director (EAD) Amy Hess was concerned that staff within the FBI had withheld knowledge about being able to crack the phone. She was especially concerned because she gave testimony to Congress in which she stated that the FBI did not have the ability to crack the phone – and that was why it had taken Apple to court.
Concerns over FBI civil war
On August 31, 2016 – five months after the FBI announced it could unlock the phone – the DoJ's internal watchdog the Office of the Inspector General (OIG) received "a referral from the FBI Inspection Division after former EAD Hess expressed concern about an alleged disagreement between units within the FBI Operational Technology Division (OTD) over the 'capabilities available to the national security programs' to access the Farook iPhone following its seizure."
In other words, she had found out that people may not have been entirely honest with her and someone in the FBI was concerned enough to report it to the DoJ.
The OIG says it "conducted inquiries" into the question, including interviewing "relevant key participants" and outlines what it found in its report. It doesn't say when those interviews happened or why it has taken 18 months to finish up and publish the report.
The report concludes that FBI officials did not lie to Congress in their testimony because what they said was true at the time. That is a key finding in that it backs up the FBI's claim that it was not able to access the phone at the time; anything else would have indicated that the FBI knowingly misled Congress and the public in an effort to grant itself new powers. Which would be an explosive situation.
Fortunately we are not a police state yet. But the report does flag some very disturbing conversations and inconsistencies that appear to point quite clearly to the fact that the FBI made the most out of the situation and may have done its best not to find out if some parts of the FBI were able to crack the phone in order to pursue its legal case.
The key to understanding what went on behind the scenes is in making sense of the FBI's internal structures.
The report notes there was a communication issue between two key departments: the Cryptographic and Electronic Analysis Unit (CEAU) and the Remote Operations Unit (ROU).
Prepare for alphabet soup
The CEAU sits within the Digital Forensics and Analysis Section (DFAS) of the FBI and the ROU sits within the Technical Surveillance Section (TSS) of the agency. And both the DFAS and TSS sit within the Operational Technology Division (OTD) of the FBI.
As with any organization, these additional layers of bureaucracy create communication barriers. But the key thing to understand is that while both CEAU and ROU work on cracking digital devices (among other things), the ROU spends more time on issues of national security and CEAU does more everyday law enforcement.
It fell to the CEAU to try to break into Farook's phone and it didn't have the tools to do so, and reported that back to FBI leadership. Pretty soon, however, the issue became much bigger and the FBI started considering pressuring Apple to force it to give the FBI access to iPhones.
It appears that at that point, FBI leadership went back to the CEAU and asked it to make sure that no one in the FBI was able to crack the phone. It is here that the DoJ report says there was a communication breakdown – but raises the question as to whether that breakdown was inadvertent or deliberate.
A logical department to have asked if it had a crack was the ROU. But it turns out that there was never a direct request to the ROU – with senior officials claiming that it was simply assumed that the ROU would be approached during an agency-wide request for help. The report notes it received "conflicting testimony" on this critical aspect.
The ROU for its part says that it wasn't forthcoming with what it had because it has a longstanding rule that it does not use its tools for anything but national security cases – and the San Bernardino shooting was explicitly being pursued as a criminal matter.
As it turns out – at least according to the DoJ report – the ROU didn't have a crack for the relevant operating system, iOS 8. But what it did have was a relationship with a third-party (assumed to be Israel-based Cellebrite) that it knew was "90 per cent" of the way to cracking the operating system.